The instance of Apache HTTP Server running on the remote host is affected by a path traversal vulnerability. A remote, unauthenticated attacker can exploit this issue, via a specially crafted HTTP request, to access arbitrary files on the remote host.

Binary data apache_2_4_49_path_traversal.nbin

VendorProductVersionCPE
apachehttp_servercpe:/a:apache:http_server
apachehttpdcpe:/a:apache:httpd

Vendor	Product	Version	CPE
apache	http_server		cpe:/a:apache:http_server
apache	httpd		cpe:/a:apache:httpd

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41773

httpd.apache.org/security/vulnerabilities_24.html

veracode 1

githubexploit 95

threatpost 4

httpd 2

zdt 3

wallarmlab 1

cnvd 1

openvas 11

redhatcve 2

cbl_mariner 1

kitploit 1

akamaiblog 1

nessus 6

nuclei 3

packetstorm 3

exploitdb 2

thn 4

freebsd 2

prion 2

nvd 2

alpinelinux 2

fedora 2

mageia 2

rapid7blog 1

hivepro 1

altlinux 2

cisa 2

debiancve 2

osv 4

cve 2

metasploit 2

attackerkb 4

checkpoint_advisories 1

f5 1

jvn 1

hackerone 2

ubuntucve 2

slackware 2

archlinux 1

impervablog 2

qualysblog 1

cisa_kev 2

kaspersky 1

ibm 1

cvelist 2

malwarebytes 1

photon 2

cisco 1

ics 1

trellix 2

veracode

Path Traversal

2021-10-06 07:50:10

githubexploit

Exploit for Path Traversal in Apache Http Server

2021-10-07 16:19:45

Exploit for Path Traversal in Fedoraproject Fedora

2021-11-26 04:54:16

Exploit for Path Traversal in Apache Http Server

2021-10-08 15:40:41

threatpost

Transnational Fraud Ring Bilks U.S. Military Service Members Out of Millions

2021-10-04 15:22:32

MFA Glitch Leads to 6K+ Coinbase Customers Getting Robbed

2021-10-01 20:08:23

Apache Web Server Zero-Day Actively Exploited, Exposes Sensitive Data

2021-10-05 20:01:27

httpd

Apache Httpd < 2.4.50 : Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49

2021-09-29 00:00:00

Apache Httpd < 2.4.51 : Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)

2021-10-06 00:00:00

zdt

Apache HTTP Server 2.4.49 - Path Traversal Vulnerability

2021-10-06 00:00:00

Apache HTTP Server 2.4.50 - Remote Code Execution Exploit (3)

2021-11-11 00:00:00

Apache 2.4.49 / 2.4.50 Traversal / Remote Code Execution Exploit

2021-10-26 00:00:00

wallarmlab

Wallarm starts to highlight CVE to address OWASP Top-10 A6 Vulnerable and Outdated Components

2021-10-15 23:13:35

cnvd

Apache HTTP Server path traversal vulnerability

2021-10-08 00:00:00

openvas

Apache HTTP Server 2.4.49 Directory Traversal / RCE Vulnerability - Active Check

2021-10-06 00:00:00

Slackware: Security Advisory (SSA:2021-280-01)

2022-04-21 00:00:00

Slackware: Security Advisory (SSA:2021-278-01)

2022-04-21 00:00:00

redhatcve

CVE-2021-41773

2021-10-05 13:27:36

CVE-2021-42013

2021-10-07 17:33:09

cbl_mariner

CVE-2021-41773 affecting package httpd 2.4.49-1

2021-10-15 04:46:31

kitploit

Scarce-Apache2 - A Framework For Bug Hunting Or Pentesting Targeting Websites That Have CVE-2021-41773 Vulnerability In Public

2021-10-29 20:30:00

akamaiblog

Mitigating CVE-2021-41773: Apache HTTP Server Path Traversal

2021-10-07 20:15:00

nessus

Apache 2.4.49 < 2.4.51 Path Traversal

2021-10-08 00:00:00

Apache 2.4.49 < 2.4.50 Multiple Vulnerabilities

2021-10-05 00:00:00

Apache 2.4.49 < 2.4.50 Multiple Vulnerabilities

2021-10-06 00:00:00

nuclei

Apache 2.4.49 - Path Traversal and Remote Code Execution

2021-10-05 14:49:36

Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution

2021-10-07 18:17:29

Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution

2021-10-07 18:17:29

packetstorm

Apache HTTP Server 2.4.49 Path Traversal

2021-10-06 00:00:00

Apache 2.4.49 / 2.4.50 Traversal / Remote Code Execution

2021-10-25 00:00:00

Apache HTTP Server 2.4.50 Remote Code Execution

2021-11-11 00:00:00

exploitdb

Apache HTTP Server 2.4.49 - Path Traversal & Remote Code Execution (RCE)

2021-10-06 00:00:00

Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (3)

2021-11-11 00:00:00

thn

New Patch Released for Actively Exploited 0-Day Apache Path Traversal to RCE Attacks

2021-10-08 04:47:00

Apache Warns of Zero-Day Exploit in the Wild — Patch Your Web Servers Now!

2021-10-05 14:53:00

Feds Warn of AndroxGh0st Botnet Targeting AWS, Azure, and Office 365 Credentials

2024-01-17 11:14:00

freebsd

Apache httpd -- Path Traversal and Remote Code Execution

2021-10-07 00:00:00

Apache httpd -- Multiple vulnerabilities

2021-10-05 00:00:00

prion

Path traversal

2021-10-05 09:15:00

Path traversal

2021-10-07 16:15:00

nvd

CVE-2021-42013

2021-10-07 16:15:09

CVE-2021-41773

2021-10-05 09:15:07

alpinelinux

CVE-2021-41773

2021-10-05 09:15:07

CVE-2021-42013

2021-10-07 16:15:09

fedora

[SECURITY] Fedora 34 Update: httpd-2.4.51-1.fc34

2021-10-12 23:46:03

[SECURITY] Fedora 35 Update: httpd-2.4.51-2.fc35

2021-10-15 00:50:08

mageia

Updated apache packages fix security vulnerabilities

2021-10-06 17:38:41

Updated apache packages fix security vulnerability

2021-10-08 22:12:12

rapid7blog

Apache HTTP Server CVE-2021-41773 Exploited in the Wild

2021-10-06 16:42:32

hivepro

Multiple vulnerabilities have been discovered in the Apache HTTP Server

2021-10-06 08:57:02

altlinux

Security fix for the ALT Linux 10 package apache2 version 1:2.4.50-alt1

2021-10-07 00:00:00

Security fix for the ALT Linux 9 package apache2 version 1:2.4.50-alt1

2021-10-07 00:00:00

cisa

Apache Releases Security Update for Apache HTTP Server

2021-10-06 00:00:00

Apache Releases HTTP Server version 2.4.51 to Address Vulnerabilities Under Exploitation

2021-10-07 00:00:00

debiancve

CVE-2021-41773

2021-10-05 09:15:07

CVE-2021-42013

2021-10-07 16:15:09

osv

BIT-apache-2021-42013

2024-03-06 10:54:27

BIT-apache-2021-41773

2024-03-06 10:54:39

CVE-2021-42013

2021-10-07 16:15:09

cve

CVE-2021-42013

2021-10-07 16:15:09

CVE-2021-41773

2021-10-05 09:15:07

metasploit

Apache 2.4.49/2.4.50 Traversal RCE scanner

2021-10-06 17:00:59

Apache 2.4.49/2.4.50 Traversal RCE

2021-10-08 11:22:47

attackerkb

CVE-2021-41773

2021-10-05 00:00:00

Apache HTTPd 2.4.49/2.4.50 路径穿越漏洞

2021-10-11 00:00:00

CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)

2021-10-08 00:00:00

checkpoint_advisories

Apache HTTP Server Directory Traversal (CVE-2021-41773; CVE-2021-42013)

2021-10-06 00:00:00

K04082144 : Apache HTTP Server vulnerability CVE-2021-41773, CVE-2021-42013

2021-10-21 00:00:00

jvn

JVN#51106450: Apache HTTP Server vulnerable to directory traversal

2021-10-08 00:00:00

hackerone

Internet Bug Bounty: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013)

2021-11-14 23:54:06

Internet Bug Bounty: Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49

2021-11-08 21:47:54

ubuntucve

CVE-2021-41773

2021-10-05 00:00:00

CVE-2021-42013

2021-10-07 00:00:00

slackware

[slackware-security] httpd

2021-10-08 03:27:06

[slackware-security] httpd

2021-10-06 01:14:05

archlinux

[ASA-202110-1] apache: directory traversal

2021-10-21 00:00:00

impervablog

How RASP Protects Apache Servers from zero-day Path Traversal Attacks (CVE-2021-41773)

2021-10-26 19:35:24

Imperva uncovers new Indicators of Compromise for FBI and CISA-flagged AndroxGh0st botnet

2024-01-31 14:03:45

qualysblog

Apache HTTP Server Path Traversal & Remote Code Execution (CVE-2021-41773 & CVE-2021-42013)

2021-10-28 06:22:22

cisa_kev

Apache HTTP Server Path Traversal Vulnerability

2021-11-03 00:00:00

Apache HTTP Server Path Traversal Vulnerability

2021-11-03 00:00:00

kaspersky

KLA12371 Multiple vulnerabilities in Apache HTTP Server

2021-10-04 00:00:00

ibm

Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-42013)

2022-01-17 18:38:24

cvelist

CVE-2021-41773 Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49

2021-10-05 08:40:12

CVE-2021-42013 Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)

2021-10-07 15:50:14

malwarebytes

[Updated, again] Apache fixes zero-day vulnerability in HTTP Server

2021-10-06 14:23:08

photon

Critical Photon OS Security Update - PHSA-2021-0118

2021-10-19 00:00:00

Critical Photon OS Security Update - PHSA-2021-4.0-0118

2021-10-20 00:00:00

cisco

Apache HTTP Server Vulnerabilities: October 2021

2021-10-07 16:00:00

ics

Known Indicators of Compromise Associated with Androxgh0st Malware

2024-01-16 12:00:00

trellix

The Bug Report – October Edition

2021-11-02 00:00:00

The Bug Report – October Edition

2021-11-02 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.975 High

EPSS

Percentile

100.0%

JSON

Related for APACHE_2_4_49_PATH_TRAVERSAL.NBIN